Jump to content
TorGuard
  • 0
Axlerod34

Fix DNS leaks gnome network manager

Rate this question

Question

Axlerod34

Fix for Ubuntu 17.10 but should work on other distributions.

First you need to make sure you have the openvpn installed for gnome using the following command.

sudo apt-get install network-manager-openvpn-gnome

after importing .opvn files into network manager you need to set the ipv4 dns to 10.8.0.1 and 10.9.0.1.

Once saved you need to manually edit the vpn connection's config file located in /etc/NetworkManager/system-connections

If you are logged in with Wayland you will need to do the following first so you can edit the config file.

xhost +si:localuser:root

sudo su

gksu gedit name of config file

add the following line under [ipv4]

dns-priority=-1

save and restart network-manager using the following and remove elevated permissions for graphical root access

sudo service network-manager restart

xhost -si:localuser:root

Connect and no more dns leaks.

See more here

 

https://bugzilla.gnome.org/show_bug.cgi?id=758772

 

 

 

 

Share this post


Link to post
Share on other sites

2 answers to this question

Recommended Posts

  • 0
Support
On 27/02/2018 at 4:47 AM, Axlerod34 said:

Fix for Ubuntu 17.10 but should work on other distributions.

First you need to make sure you have the openvpn installed for gnome using the following command.

sudo apt-get install network-manager-openvpn-gnome

after importing .opvn files into network manager you need to set the ipv4 dns to 10.8.0.1 and 10.9.0.1.

Once saved you need to manually edit the vpn connection's config file located in /etc/NetworkManager/system-connections

If you are logged in with Wayland you will need to do the following first so you can edit the config file.

xhost +si:localuser:root

sudo su

gksu gedit name of config file

add the following line under [ipv4]

dns-priority=-1

save and restart network-manager using the following and remove elevated permissions for graphical root access

sudo service network-manager restart

xhost -si:localuser:root

Connect and no more dns leaks.

See more here

 

https://bugzilla.gnome.org/show_bug.cgi?id=758772

 

 

 

 

 

Thanks for sharing this Axlrod34 :)

Share this post


Link to post
Share on other sites
  • 0
Axlerod34

A second fix which also happened to resolve a few issues for me regarding dns resolution on non vpn connections was to disable systemd-resolved from handling dns resolution.

First is to explicitly tell Network Manager to use the default settings for managing the resolv.conf file by editing the NetworkManager.conf file

sudo nano /etc/NetworkManager/NetworkManager.conf

add the following line under [main]

dns=default

next is to make a backup of the resolv.conf file just in case preserving any symbol links and such.

sudo mv /etc/resolv.conf /etc/resolv.conf.bak

finally disable and stop the systemd-resolved service and restart network-manager for the changes to take effect.
 

sudo systemctl stop systemd-resolved

sudo systemctl disable systemd-resolved

sudo systemctl restart network-manager

 

If all went correctly the /etc/resolv.conf should have a line like this and no longer need the dns-priority=-1 in each vpn config file to prevent dns leaks.

# Generated by NetworkManager
nameserver x.x.x.x

 

If for some reason your dns stops working afterwards do the following to restore the previous settings.
 

sudo mv /etc/resolv.conf.bak /etc/resolv.conf

sudo systemctl enable systemd-resolved

sudo systemctl start systemd-resolved

sudo systemctl restart network-manager

 

You won't need to change the NetworkManager.conf file afterwards since when set to default if the resolv.conf file is symbolic linked to systemd-resolved it will use systemd-resolved automatically as far as what the man pages specify.

 

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

×